WE CLAIM: 



1. A communication method using public key cryptosystem by 
which a sender device encrypts send data by using a receiver's public key, 
the method comprising: 

a key generating step of generating a secret key (p,q,p) satisfying 

• q : prime integers, p = 3 (mod 4), q ~ 3 (mod 4) 

• j3 e Z, a&=l (mod lcm(p - 1)) 

# 

and 

• n = p d q (d > 1 is odd.) 

• & : binary length of pq 

• aeZ 

a public key (n ? k,a) satisfying 

(1) an encrypting step performed by the sender device, of 

C = m 2na modn 
computing 

for plaintext m (0 < m < 2 k 2 ) ? computing Jacobi's symbol a=(m/n), and 
sending ciphertext (C,a) to the receiver device; and 

(2) a decrypting step performed by the receiver device, of 
using the receiver's secret key (p,q,p) to compute 

rai,p = C * mod;?, 
m i,q — C * mod q 

from the ciphertext (C,a), and regarding as the plaintext m any of 
4>(mi,p,mi, q ), <|>(-mi,p,mi,q), (j)(mi jP ,-mi f q), and 4>(-mi, p ,-mi, q ) that satisfies 
Cx/n)=a and 0<x<2 k ' 2 , where $ denotes ring isomorphism mapping from 
Z/(p)xZ/(q) to Z/(pq) by the Chinese remainder theorem. 



2. The communication method using public key cryptosystem 
according to Claim 1, comprising the step of 

generating and publicizing the public information (n,k,a) by the 
receiver device. 

3. The communication method using public key cryptosystem 
according to Claim 1, wherein, for a=$=l, a and p are deleted from the 
public key and the secret key, respectively. 

4. A communication system using public key cryptosystem in 
which a sender device encrypts send data by using a receiver's public key, 
the system comprising: 

(a) a sender device comprising: 

a key generating device for generating a secret key (p,q ? p) 
satisfying 

• p, q : prime integers, p = 3 (mod 4), q = 3 (mod 4) 

• 0 € Z, ap = 1 (mod lcm(p - l 7 q - 1)) 

and 

• n = p d q (d > 1 is odd) 

• k : binary length, of pq 
*a€Z 

• a€{-l, 1} 

a public key (n,k,a,a) (k is the bit length of pq) satisfying 



a device for computing 
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C = m 2nct mod n 

for plaintext m satisfying a=(m/n) (0 < m< 2 k " 2 ) (a=(m/n denotes Jacobi's 
symbol); and 

a communication device for sending ciphertext C to the receiver 
device; and 

(b) a receiver device comprising: 



mi 5 p = C 4 modp, 
mi 3q = C 4 mod g 

a device using the receiver's secret key (p,q,(3) to compute 

from the ciphertext C; and 

a device regarding as the plaintext m any of <|)(mi,p,mi,q), 
(t>(-mi, p ,mi, q ), <|)(mi,p,-mi, q X and (|)(-mi,p,-mi,q) that satisfies (x/n)-a and 
0<x<2 k 2 , where $ denotes ring isomorphism mapping from Z/(p)xZ/(q) to 
Z/(pq) by the Chinese remainder theorem. 

5. The communication system using public key cryptosystem 
according to Claim 4 ? wherein the receiver device comprises a device for 
creating the public information (n,k ? a,a). 

6. The communication system using public key cryptosystem 
according to Claim 4, wherein, for a=p=l ? a and (3 are deleted from the 
public key and the secret key, respectively. 

7. The communication method using public key cryptosystem 
according to Claim 1, comprising the step of creating the secret keys p 
and q by p=2p T +l and q=2q r +l, where p' and q f are prime integers. 



8. The communication method using public key cryptosystem 
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according to Claim 1, comprising the step of creating the plain text m so 
as to include check information for checking whether message text to be 
sent to the receiver from the sender has been correctly decrypted. 

9. The communication method using public key cryptosystem 
according to Claim 1, comprising the step of transforming message text to 
be sent to the receiver from the sender into plaintext m whose contents 
are provided with predetermined redundancy, and encrypting the 
plaintext m by the method described in Claims 1 or 4, wherein the 
receiver device decrypts the plaintext m by the method described in 
Claims 1 or 4 and checks the predetermined redundancy. 

10. The communication method using public key cryptosystem 
according to Claim 1, comprising the step of transforming message text to 
be sent to the receiver from the sender into plaintext m whose contents 
are provided with a predetermined, meaningful message, and encrypting 
the plaintext m by the method described in Claims 1 or 4, wherein the 
receiver device decrypts the plaintext m by the method described in 
Claims 1 or 4 and checks the contents of the predetermined, meaningful 
message. 

11. The communication method using public key cryptosystem 
according to Claim 1, wherein the value of d (d>l) is variable. 

12. A key sharing method by which a sender device performs 
cipher communications by using a receiver's public key, the method 
comprising key generating steps of 

generating a secret key (p,q,p) satisfying 

• p, q : prime integers, p~3 (mod 4), q = 3 (mod 4) 

• 0 € Z 5 <*0 = 1 (mod lcm(p - l 9 q - 1)) 



and 
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a public key (n,k ? a) (k is the bit length of pq) satisfying 

• n = p d q (d > 1 is odd) 

• k : binary length of pq 

• or G Z 

• / : one-way function ; 

(1) in the sender device, to share a shared key K=f(m) with the 
C = rn 2na mod n 

receiver device, for send data m (0<m<2 k " 2 ), computing 
and 

computing Jacobi's symbol a=(m/n) and the shared key K by K=f(m), 
sending ciphertext (C,a) to the receiver device, and computing the shared 
key K=f(m); and 

(2) in the receiver device, using the receiver's secret key (p,q,|3) to 
compute 



mi )P — 6 * mod p y 
mi t? = C 4 mod q 

from the ciphertext (C,a), computing as the send data m any of 
4>(mi lP ,mi, q ), <|)(-mi,p,mi,q), <J>(mi fP ,-mi,q), and <J)(-mi,p,-mi, q ) that satisfies 
(x/n)=a and 0<x<2 k " 2 , where § denotes ring isomorphism mapping from 
Z/(p)xZ/(q) to Z/(pq) by the Chinese remainder theorem, and computing 
the shared key K by K=f(m) using public information f. 

13. The key sharing method according to Claim 12, comprising 
the step of 

generating and publicizing the public information (n,k,a) by the 
receiver device. 



14. The key sharing method according to Claim 12, wherein, for 
a=(3=l, a and (3 are deleted from the public key and the secret key ? 
respectively. 

15. A key sharing method by which a sender device performs 
cipher communications by using a receiver's public key, the method 
comprising key generating steps of 

generating a secret key (p,q,p) satisfying 

♦ j;, q : prime integers, p s 3 (mod 4), q = 3 (mod 4) 

• jS € Z, a(3 = l (mod km(p - l,g - 1)) 

and 

♦ 7! = p<*£jr (d > 1 is odd) 

♦ fc : binary length of pq 

• a € {-1, 1} 

• / : one- way function 

a public key (n ? k,a,a) (k is the bit length of pq) satisfying 

(1) in the sender device, to share a shared key K=f(m) with the 
receiver device, for send data m (0<m<2 k 2 ) satisfying a=(m/n) (a=(m/n) 
denotes Jacobi ? s symbol), computing 

C = rn 2na modn 

and 

computing the shared key K by K=f(m), sending ciphertext C to the 
receiver device, and computing the shared key K=f(m); and 

(2) in the receiver device, using the receiver's secret key (p ? q ? (3) to 
compute 



mi ?p = C 4 modp, 
= C 4 modg 

from the ciphertext C, computing as the send data m any of 4>(mi, p ,mi,q), 
^(-mi^mi.q), (j)(mi, P) -mi,q), and <|>(-mi,p,-mi,q) that satisfies (x/n)=a and 
0<x<2 k " 2 , where <|> denotes ring isomorphism mapping from Z/(p)xZ/(q) to 
Z/(pq) by the Chinese remainder theorem, and computing the shared key 
K by K=f(m) using public information f. 

16. The key sharing method according to Claim 15, comprising 
the step of- 

generating and publicizing the public information (n,k,a,a) by the 
receiver device. 

17. The key sharing method according to Claim 15, comprising 
the step of, for a=p=l, deleting a and (3 from the public key and the secret 
key, respectively. 

18. The key sharing method according to Claim 12, comprising 
the step of creating the secret keys p and q by p=2p'+l and q=2q'+l, 
where p' and q ? are prime integers. 

19. The key sharing method according to Claim 12, wherein the 
value of d (d>l) is variable. 

20. An encryption method in public key cryptosystem according to 
Claim 1, wherein one or more hash functions are publicized and the 
sender device comprises the steps of: 

creating plaintext and random number information; 
performing exclusive OR and data concatenation operations on 
the plaintext and the random number information; 
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inputting results obtained by the operations to a relevant hash 
function and computing the input results; 

performing exclusive OR and data concatenation operations on 
the plaintext, the random number information, and the results of input to 
the hash function; and 

replacing the results of the operations in a location of the 
plaintext m in Claim 1 or the location of a random number r, and 
performing encryption according to the procedure of the public key 
cryptosystem in Claim 1. 

21. A decryption method in public key cryptosystem, for 
decrypting ciphertext encrypted by the method set forth according to 
Claim 20, the method comprising: 

the decrypting step set forth in Claim l; 

a step of restoring the plaintext m from the results of the logical 
OR and data concatenation operations performed in Claim 20; 

a step of verifying the validity of the procedure of the (exclusive 
OR and data concatenation) operations; and 

a step of outputting decryption results. 

22. A communication method using public key cryptosystem by 
which a sender device encrypts send data by using a receiver's public key, 
the method comprising key generating steps of: generating a secret 
key (p,q,p) satisfying 

• p, q : prime integers, p = 3 (mod 4), q s 3 (mod 4) 

• jS^Z) a£s 1 (mod lcm(p - l,g - 1)) 

r 

and 

a public key (n,k,ko,ki,a,G,H) satisfying 



• n=p d q (d> lis odd) 

• fc, jfco, fei : ft is a binary length of pq, and ft 0? *i are positive integers 

• <? ; {0> l}* 10 -J- {0, l} fe - fe o-2 

• tf :{0,l} fe -*°- 2 ->{0,l}*° 



ar = (mO* 1 O G(r))||(r O H{mO k ' 0 <?(r))) 

(1) in the sender device, computing 

for plaintext m (me{0,lKl=k-ko-ki-2) and a random number r(re{0 ? l} ko }, 
C = x 2na mod n 

» 

computing 

and further computing Jacobi's symbol a-(x/n) ? and sending ciphertext 
(C,a) to the receiver device; and 

(2) in the receiver device, using the receiver's secret key (p,q,p) to 
compute 

xi# = C * modp, 
= C 4 mod 4 

from the ciphertext (C,a), computing y that satisfies (y/n)=a and 0<y<2 k2 
of <|)(xi,p,xi f q), (t>(-xi )P? xi, q ) 3 <|>(xi ? p,-xi, q ), and ^(-xi.prxi^), where 4 denotes ring 
isomorphism mapping from Z/(p)xZ/(q) to Z/(pq) by the Chinese 
remainder theorem, further 
when 

computing 
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z = G(H(s)Ot)Os, 




| "reject" otherwise 
and decrypting the plaintext m by 

where [a] k and [a]k denote first k-bits and last k-bits of a, respectively. 

23. The communication method using public key cryptosystem 
according to Claim 22, comprising the step of> 

generating and publicizing the public information 
(n,k,ko,ki,a,G,H) by the receiver device. 

24. The communication method using public key cryptosystem 
according to Claim 22, comprising the step of, for a=p=l, deleting a and p 
from the public key and the secret key, respectively. 

25. A communication method using public key cryptosystem by 
which a sender device encrypts send data by using a receiver's public key, 
the method comprising key generating steps of: generating a secret 

• p, q : prime integers, p s 3 (mod 4), q = 3 (mod 4) 

• j8€Z, a0 = l (mod lcm(p~ l,g-l)) 
key (p,q,p) satisfying 



a public key (n,k,ko,ki,a,G,H) satisfying 

• n = p d q (d > 1 is odd) 

• fc f *d,fcl € Z : k is a binaxy length of pq, and &o,*i axe positive integers 
k 0 -h- 2. 

• Of€ Z 

• a€{-l,l} 

•■G : {0,1}*° {0, l}*-*°- 2 



and 
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(1) in the sender device, computing 
x = (mO fel O 0(r))||(r O #(mO fcl O G(r))) 

that satisfies a=(x/n) for plaintext m (mE{0,l}U=k-ko-kr2) and a random 
number r(re{0,l} ko } (a=(m/n) denotes Jacobi's symbol), computing 

C = x 2na mod n 

and further sending ciphertext C to the receiver device; and 

(2) in the receiver device, using the receiver's secret key (p,q,(3) to 

xij, = C * modp, 
xij =. C * mod q 
compute 

from the ciphertext C, computing y that satisfies (y/n)=a and 0<y<2 k2 of 
(|>(xi,p,xi, q ), <K-xi, P ,xi, q ), (j)(xi, P ,-xi >q ), and <|>(-xi,p,-xi >q ), where <|> denotes ring 
isomorphism mapping from Z/(p)xZ/(q) to Z/(pq) by the Chinese 
remainder theorem, further 
when 

y = s\\t Ue{Q,l} k - k °- 2 ,t€{0,l} k0 ) 

z = G(H{s)Ot)Qs, 
computing 



r if[*k=o fc i 

m 1 "reject" otherwise 

and decrypting the plaintext m by 

where [a] k and [alk denote first k-bits and last k-bits of a, respectively. 



26. The communication method using public key cryptosystem 
according to Claim 25, comprising the step of 

generating and publicizing the public information 
(n,k,ko,ki,a,a,G,H) by the receiver device. 

27. A communication method using public key cryptosystem by 
which a sender device encrypts send data by using a receiver's public key, 
the method comprising key generating steps of generating a secret 
key (p,q,p) satisfying 

• p, q : prime integers, ps3 (mod 4), q s 3 (mod 4) 

• /3eZ, a|J = l (mod lcm(p-l, <?-!)) 

and 

a public key (n,k,ko,ki,a,G,H) satisfying 
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• n~p d q (d> lis odd) 

• k t koM € Z : k is a binary length of pq> and fc 0 ,&i are positive integers with k > 
h Q - k x - 2. 

• (?:{0,l} fet >->{0,l} fc - fc °- 2 



a: = (mO fcl G 0(r))l|(r O ff (mO* 1 O G(r))) 

(1) in the sender device, computing 

for plaintext m (me{0,lKl=k-ko-ki-2) and a random number r(re{0 ? l} ko } ? 

G = x 2na mod n 
computing 

and sending ciphertext C to the receiver device; and 

(2) in the receiver device, using the receiver's secret key (p,q ? p) to 
compute 

x XtP » C ^ modp, 
#1,? = C * modg 

from the ciphertext C ? for yi=<|>(xi,p,xi,q) ? y2=<()("Xi,p,xi,q), ys^Oxi.prxi.q), and 
y4=<|)("Xi,p,-xi,q), where $ denotes ring isomorphism mapping from 
Z/(p)xZ/(q) to Z/(pq) by the Chinese remainder theorem, 

» = -iU** 6 {0, 1}*"*"" 2 , € {0, 1}*°, 1 < i < 4) g 
when 

computing 



zt = G(H{ Si ) O U) O si (1 < i < 4), 



m 1 "reject" otherwise 

and decrypting the plaintext m by 

where [a] k and [ak denote first k-bits and last k-bits of a, respectively. 

28. The communication method using public key cryptosystem 
according to Claim 27, comprising the step of- 

generating and publicizing the public information 
(n,k,k 0 ,ki,a,G,H) by the receiver device. 

29. The communication method using public key cryptosystem 
according to Claim 22, comprising the step of, for a=p=l, deleting a and p 
from the public key and the secret key, respectively. 

30. The communication method using public key cryptosystem 
according to Claim 22, comprising the step of creating the secret keys p 
and q by p=2p'+l and q=2q'+l, where p' and q' are prime integers. 

31. The communication method using public key cryptosystem 
according to Claim 22, wherein the value of d (d>l) is variable. 

32. An encryption method according to Claim 1, for computing 
ciphertext C in two different devices, comprising the steps of: 

Ci = m 2a mod n 

in a device 1, after computing 



outputting Ci to a device 2! and 



C = Ci n mod n 

in the device 2, by computing 

computing the ciphertext C. 

33. An encryption method according to Claim 22, for computing 
ciphertext C in two different devices, comprising the steps of: 

x = (mO fei O G(r))\\(r O H(mO kl Q G(r))) 
in a device 1, computing 

for plaintext m (me{0,lKl = k"ko"ki-2) and a random number r(re{0,l} ko }> 

G\ = x 2a mod n 

and after further computing 

outputting Ci to a device % and 

in the device 2, by computing 
C = Ci n mod n 

# 

computing the ciphertext C. 

34. A communication method using public key cryptosystem by 
which a sender device encrypts send data by using a receiver's public key, 
the method comprising key generating steps of : generating a secret 

• pi : prime integers (pi = 3 (mod 4), l<i< h) 
« y3 € Z, ap = 1 (mod lcm(p - l,g - 1)) 
key (pi,p) (l^i^h) satisfying 



and 

a public key (n,k,ko,ki,a,G,H) satisfying 

• fc,fco,ki € Z : ft is a binary length of p?, and ko,h axe positive integers with ft > 
k 0 - fci - 2, 

• a € Z 

• H : {0,1}^* {Q>l} k « 



x - (mO fcl O G(r))||(r O #(mO fcl O G(r))) 

(1) in the sender device, computing 

for plaintext m (meft^lKlFk-ko'ki) and a random number r(r£{0,l} ko }, 

C = x 2a mod n 
computing 

and sending ciphertext C to the receiver device; and 

(2) in the receiver device, using the receiver's secret key (pi,p) (1^ 

Xi — C * mod pi 
iSSh) to compute 

from the ciphertext C ? for 2 h pieces of {(j>(eixi J e2X2,...,ehXh) | ei,...,ehS{"l,l}} 
when 

Vi = *i\\ti C* 6 {0,1}*-*°, U e {0,1}\ 1 < f < 2 h ) 



computing 



= G(H(si) Q ti) Osi (1 < i < 2 h ) 



m = 




"reject 7 ' otherwise 



and decrypting the plaintext m by 

where <|> denotes ring isomorphism mapping from Z/(p)xZ/(q) to Z/(pq) by 
the Chinese remainder theorem, and [a] k and [a]k denote first k-bits and 
last k-bits of a, respectively. 

35. The communication method using public key cryptosystem 
according to Claim 34, comprising the step of 

generating and publicizing the public information 
(n,k,ko,ki,a,G,H) by the receiver device. 

36. The communication method using public key cryptosystem 
according to Claim 34, for a=(3=l ? deleting a and p from the public key 
and the secret key, respectively. 

37. The communication method using public key cryptosystem 
according to Claim 34 ? comprising the step of 

sending the plaintext or the identification information of x along 
with ciphertext, or creating the plaintext m or x from publicized 
identification information. 

38. The communication method using public key cryptosystem 
according to Claim 37, comprising the step of 

decrypting the plaintext m or the x from the ciphertext using the 
identification information sent along with the ciphertext or the 
publicized identification information. 
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39. The communication method using public key cryptosystem 
according to Claim 1, comprising the step of : 

creating ciphertext C by 
C = m 2a mod n 

r 

mi iP - C * mod p, 
m liq = C 12 ^ mod q # 
and creating mi, P and mi, q by 

40. The communication method using public key cryptosystem 
according to Claim 22, comprising the step of* 

creating ciphertext C by 

C = x 2ct mod n 

r 

mi, p = C * modp, 
and creating mi, p and mi, q by 

41. A program product, comprising* 

a program for instructing a computer to execute one of the key 
generating step, the encrypting step, and the decrypting step which are 
described in Claim l; and 

a medium embodying the program. 

42. A communication system using public key cryptosystem 
which comprises a sender device and a receiver device and in which the 
sender device encrypts send data using a receiver's public key, 

wherein the receiver device, using an operation unit the receiver 
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device has, executes the key generating step described in Claim 1 and 
generates the secret key (p,q,(3) and the public key (n,k,a), 

wherein the sender device, using an operation unit the sender 
device has, executes the encrypting step described in Claim 1, computes 
Jacobi's symbol a=(m/n), and sends ciphertext (C,a) to the receiver device, 
and 

wherein the receiver device, using the operation unit the receiver 
device has, executes the decrypting step described in Claim 1 and obtains 
plaintext m, 

43, The communication system using public key cryptosystem 
according to Claim 4, wherein the receiver device comprises a device that 
generates the secret keys p and q by p-2p'+l and q=2q r +l, where p' and q* 
are prime integers. 

44, The communication system using public key cryptosystem 
according to Claim 4, wherein the sender device comprises a device that 
generates the plaintext m so as to include check information for checking 
whether message text to be sent to the receiver has been correctly 
decrypted. 

45. The communication system using public key cryptosystem 
according to Claim 4, 

wherein the device of the sender device to encrypt the plaintext m 
provides predetermined redundancy to the message text to be sent to the 
receiver and produces the contents of the resulting message text as the 
plaintext m, and 

wherein the device of the receiver device to decrypt the plaintext 
m checks the predetermined redundancy. 

46. The communication system using public key cryptosystem 
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according to Claim 4, 

wherein the sender device comprises the step of providing a 
predetermined, meaningful message to the message text to be sent to the 
receiver and producing the contents of the resulting message text as the 
plaintext m, and encrypting the plaintext m by the method described in 
Claim 4, and 

wherein the receiver device comprises the step of decrypting the 
plaintext m by the method described in Claim 4 3 and checking the 
contents of the predetermined, meaningful message. 

47. The communication system using public key cryptosystem in 
Claim 4, wherein the value of d (d>l) is variable. 



